package com.security.controller;

import com.security.entity.SysUser;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.parameters.P;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @作者: 林江
 * @创建时间: 2023/12/26
 * @功能:
 */
@RestController
public class HelloSecurityController {
    private SysUser user;

    public HelloSecurityController() {
        user = new SysUser();
        user.setName("admin");
    }

    @PreAuthorize("hasRole('ADMIN')")
    @GetMapping("/hello/security/1")
    public String hello1() {
        return "hello security1";
    }

    @GetMapping("/hello/security/2")
    public String hello2() {
        return "hello security2";
    }

    @PreAuthorize("#user.name == authentication.name") // 没有通过。表达式得清楚。
    @GetMapping("/hello/security/3")
    public String hello3(@P("user") SysUser user) {
        return "hello security3 " + user.getName();
    }

}
